Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Slow, no Start Menu, can't dowload or Run programs. [Closed]

Started by worldwidewandering , Sep 09 2013 04:47 PM

This topic is locked

#16
worldwidewandering

Posted 13 September 2013 - 12:02 AM

Member

Topic Starter
Member
22 posts

I was able to remove Conduit and Firefox is running fine. I managed to get Malwarebytes installed and ran a scan and it found 6 infected items, which I removed. I've included the Malwarbytes scan log below.

--------------
- Unhide Log -
--------------

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 09/12/2013 08:48:18 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 298115 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 11791 files processed.

The C:\Users\WORLWI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Program finished at: 09/12/2013 09:24:52 PM
Execution time: 0 hours(s), 37 minute(s), and 0 seconds(s)

--------------------
- Malwarebytes Log -
--------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 913091303

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/13/2013 1:55:03 AM
mbam-log-2013-09-13 (01-55-02).txt

Scan type: Quick scan
Objects scanned: 241229
Time elapsed: 22 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF190686-9E72-403C-B99D-682ABDB63C5B} (PUP.Optional.TopArcadeHits.A) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\LinkSwift\iid (PUP.Optional.LinkSwift.A) -> Value: iid -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\worlwidewandering\downloads\the_rifleman_season_2_secure.exe (PUP.Optional.Topmedia) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
c:\Users\worlwidewandering\downloads\vlcmediaplayer-setup.exe (PUP.DownloadAdmin) -> Quarantined and deleted successfully.

#17
worldwidewandering

Posted 13 September 2013 - 12:03 AM

Member

Topic Starter
Member
22 posts

#18
Buddierdl

Posted 13 September 2013 - 07:15 AM

Trusted Helper

Malware Removal
2,524 posts

Ok, that's good. How do we currently stand? What are the remaining problems?

I want to check one thing just to be sure:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#19
worldwidewandering

Posted 13 September 2013 - 09:51 AM

Member

Topic Starter
Member
22 posts

I ran a scan with TDSKiller and all the items were set at the default "skip". I clicked "Continue" but was not instructed to reboot. I noticed that some of the items were trusted programs like Apache, Filezilla, etc. but there were a few I did not recognize. I didn't set anything to "Cure" but rather clicked continue with everything set to "skip".

It's kind of hard to tell what, if anything might still be wrong. I haven't really been using the computer except to run these scan and fix programs. The computer does seem to be running slow and it hasn't been adding any new programs to the left side of the start menu. I just have the 2 programs that I've pinned to taskbar.

-----------------
- TDSKiller Log -
-----------------

(I'm having to attach the log as I received a message about the post being too long: "Your post was too long. Please go back and shorten it a little.")

Attached Files

TDSSKiller.2.8.16.0_13.09.2013_10.46.59_log.txt 903.06KB 87 downloads

#20
Buddierdl

Posted 13 September 2013 - 09:59 AM

Trusted Helper

Malware Removal
2,524 posts

Please try to uninstall PrivitizeVPN from the control panel.

Try using the computer for a little bit and then update me how it is running.

#21
worldwidewandering

Posted 13 September 2013 - 10:40 AM

Member

Topic Starter
Member
22 posts

I don't see Privatize VPN in the uninstaller. i think I already uninstalled it from there. Is is possible there are still remnants of this program on my computer?

#22
Buddierdl

Posted 13 September 2013 - 11:03 AM

Trusted Helper

Malware Removal
2,524 posts

There's some left, so let's get rid of it. Replace the old fixlist.txt with the new one attached and run FRST in "Fix" mode again. Please post the fixlog.txt for me.

Also, let's run a general online scan and check for updates.

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Please go here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:

FRST fixlog
SecurityCheck log
ESET log
Can you update me on the computer's status?

#23
worldwidewandering

Posted 13 September 2013 - 03:16 PM

Member

Topic Starter
Member
22 posts

Were you supposed to attach a new fixlog.txt file or did you mean the last fixlog.txt from my last scan? I don't see an attachment from you and I was wondering whether there was supposed to be one.

#24
Buddierdl

Posted 13 September 2013 - 03:24 PM

Trusted Helper

Malware Removal
2,524 posts

Attached Files

fixlist.txt 186bytes 81 downloads

#25
worldwidewandering

Posted 14 September 2013 - 02:53 PM

Member

Topic Starter
Member
22 posts

I'm sending you the first 2 logs as I'm having trouble running the ESET scan. It runs for about an hour and gets 37% finished and then freezes up. It has crashed my computer several times now and I've had to do hard shut downs. Ctrl, Alt. Delete doesn't work and I have no other way to restart the computer. I've tried to run the ESET program with everything else turned off, all anti-virus and other start up programs and browser windows but it won't run through without freezing. I try not to touch anything but after a certain amount of time the computer goes into sleep mode - I don't have a screensaver but would that not be just as bad? The one error that shows up is something to do with Conduit. Anyway, here are the other 2 logs:

--------------
- Fixlog.txt -
--------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013 04
Ran by worlwidewandering at 2013-09-13 18:29:07 Run:2
Running from C:\Users\worlwidewandering\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [PrivitizeVPN] - C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe [196784 2012-08-31] (OOO Industry)
C:\Program Files\PrivitizeVPN
C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PrivitizeVPN => Value deleted successfully.
C:\Program Files\PrivitizeVPN => Moved successfully.

"C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" directory move:

Could not move "C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" directory. => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========

"C:\Users\WORLWI~1\AppData\Roaming\UPDATE~1" => Directory could not move.

==== End of Fixlog ====

---------------
- checkup.txt -
---------------

Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#26
Buddierdl

Posted 16 September 2013 - 06:35 AM

Trusted Helper

Malware Removal
2,524 posts

Let's try Bitdefender instead of ESET.

Please run a free on line scan with BitDefender Online Scanner

Click the green Start Scanner button
Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
Accept the plugin installation
Restart your browser in Administation mode if requested
Click the green Scan Now button again
Accept the eula agreement if asked
The scan should start. It will be relatively quick.
Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
Notepad will open with a log
Save to your desktop
Copy and paste the report back here

#27
worldwidewandering

Posted 16 September 2013 - 12:43 PM

Member

Topic Starter
Member
22 posts

The BitDefender Online Scanner ran without finding any infections. The one infection the ESET scan found in the 38% time it ran, was: "Win32/Conduit.SearchProtect.A application". [Edit: I think there may have been a space between the A and the word application]

Edited by worldwidewandering, 16 September 2013 - 12:45 PM.

#28
Buddierdl

Posted 17 September 2013 - 07:28 AM

Trusted Helper

Malware Removal
2,524 posts

Hi,

It is probably an installer or another leftover from Conduit. If you have the file name and path, we can delete it. Or we can see if another scanner will pick it up.

I would recommend that you update your AVAST to the latest version, as your version is quite outdated. It is up to version 8 now. Then you can try running a scan with AVAST, or try the Kaspersky scan below:

Go to here
Click the download button under Kaspersky Security Scan
Download and run the file
It will start to download the Kaspersky Security Scan program data
Once downloaded the installer will begin
Click Next
Accept the License Agreement
Click Install
The program will now install
Click Finish
Kaspersky Security Scan will now start
Click the Full Scan button
The scan will take about an hour or two depending on the amount of data on your hard drive
If the scan detects problems it will open a Problems found window
Click Details to generate a scan results report
Once the scan is complete do the following:
- For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
  For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
- Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
- Attach the HtmlReport zipped folder to your next post
You can now close Kaspersky Security Scan

#29
Buddierdl

Posted 25 September 2013 - 10:13 AM

Trusted Helper

Malware Removal
2,524 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.